An Internet security firm is warning that the AES data
encryption technique adopted by the U.S government may be vulnerable to an
attack; however, there is no evidence the weakness is great enough cause panic
yet.

In the Crypto-Gram newsletter, Counterpane Internet Security founder Bruce
Schneier said it was possible that two researchers may have figured out an
efficient way to crack the so-called Rijndael encryption standard but he
cautioned that "there's no cause for alarm yet."

Referring to a paper presented
by researchers Nicolas Courtois and Josef Pieprzyk, Crypto-Gram said
potential attacks could work by breaking simplified variants of AES using
very impractical attack models (e.g., requiring immense amounts of chosen
plaintext). "This paper claimed to break the entire algorithm, and with only
one or two known plaintexts," Schneier wrote.

However, Schneier softened the impact of his note by insisting potential
attacks against the encryption techniques can be no more implemented in the
field than they can be tested in a lab.

"No AES ... traffic can be decrypted using these techniques. No
communications are at risk. No products need to be recalled. There's so much
security margin in these ciphers that the attacks are irrelevant," Schneier
added.

AES, developed by Belgian cryptographers Joan Daemen and Vincent Rijmen, is
a symmetric 128-bit block data encryption algorithm adopted by the U.S
government in October 2000 to replacing the DES encryption technique. The
National Institute of Standards and Technology (NIST) of the U.S. Department
of Commerce selected the "Rijndael" algorithm out of a group of five under
consideration, including one called MARS from a large research team at IBM.

The attack depends much more critically on the complexity of the nonlinear
components than on the number of rounds. Ciphers with small S-boxes and
simple structures are particularly vulnerable. Serpent has small S-boxes and
a simple structure. AES has larger S-boxes, but a very simple algebraic
description," Schneier wrote.

He described the claims as "amazing results" and noted that the best attacks
previously worked by breaking simplified variants of AES using very
impractical attack models (e.g., requiring immense amounts of chosen
plaintext). "This paper claimed to break the entire algorithm, and with
only one or two known plaintexts. Moreover, the first cipher broken was
Serpent: the cipher universally considered to be the safest, most
conservative choice," he added.

Because the claims are still in abstract form, Schneier said it's unclear if
there are errors in the analysis.

"We might have an amazing new cryptanalytic technique, but we don't know if
there's an error in the analysis, and there's no way to test the technique
empirically. We have to wait until others go over the same work. And to be
sure, we have to wait until someone improves the attack to a practical point
before we know if the algorithm was broken to begin with," he added.